sb-au logo
Story image

New online tool helps organisations evaluate security maturity

17 Sep 2018

Security solutions provider Secureworks has released its Security Maturity Model, a pragmatic methodology that organisations of all sizes can use to evaluate their level of cybersecurity maturity relative to inherent risk.  

Secureworks is releasing the model in response to its research which shows that more than one-third of US organisations (37%) face security risks that exceed their overall security maturity.

Within that group, 10% face a significant deficiency when it comes to protecting themselves from the threats in their environment.

To increase global awareness of the gaps between cybersecurity maturity and risk, Secureworks is offering a complimentary evaluation that organisations can take to benchmark their maturity using the Secureworks methodology. 

Cybersecurity leaders who complete an online tool with the support of a Secureworks security expert will receive a report that scores the organisation’s capabilities and behaviours across five essential cybersecurity domains.

The report also assigns a current security maturity tier and compares the organisation’s results to peer benchmarks.

Intuitive charts and graphs throughout the report can be used to identify a desired future state of maturity, prioritise next steps in the journey and support more confident discussions about cybersecurity risk management with the board.

Secureworks consulting practice leader Hadi Hosn says, “Business executives tell us they’re looking for ways to determine whether their cybersecurity capabilities and investment are in line with their business risk profile.”

“Our recent study suggests that misalignment between security activities and actual risk is common enough to warrant a more pragmatic model that can help organisations both identify those gaps and adjust their security maturity goals accordingly.”

Secureworks’ Security Maturity Model is a holistic, risk-driven approach that incorporates elements of frameworks like National Institute of Standards and Technology (NIST) and ISO 27001/02 with insight from Secureworks’ global threat intelligence, analysis of more than 1,000 incident response engagements annually and observed best practices across 4,300 clients.

Organisations who evaluate their maturity against this methodology are scored in the cybersecurity domains of security organisation and governance, security operations, cloud security, incident management and threat intelligence.

“Most frameworks come up short in helping you define the right journey to cybersecurity maturity because they don’t account for inherent risk to begin with,” says Hosn.

“Instead of relying on checklists, the Secureworks Security Maturity Model blends industry best practice frameworks with our knowledge and experience to help organisations invest resources more wisely.”

Key Findings: Secureworks Security Leadership Study

In Secureworks’ 2018 Security Leadership study, guarded companies, the least mature, were lacking the same processes that are commonly shared by resilient organisations, the most secure 7% of the respondents.

The most divergent practices between resilient and guarded organisations include:

  • Aligning and prioritising vulnerability assessments based on business goals (56% for resilient organisations vs. 2% for guarded, the least mature group)  
  • Conducting real-time automated security analysis of business partners (36% vs. 2%)  
  • Employing customised endpoint protection based on user profiles (84% vs. 3%)  
  • Including both technical and business teams in Incidence Response tabletop sessions (92% vs. 45%)  
  • Working with IR partners under retainer agreements (56% vs. 18%)  
  • Integrating threat indicators, with enhancements, into security and workflow controls (80% vs. 6%)
Story image
Online gaming a 'hotbed' for DDoS attacks — report
The latency and availability issues present in online gaming, in particular, presented an attractive target to attackers, in addition to the enduring popularity of gaming in the era of COVID-19.More
Story image
WatchGuard report tracks rise of network attacks in Q3
WatchGuard’s Q3 2020 Internet Security Report has called to attention the rise in attacks on corporate networks, even as many organisations shifted to remote work.More
Story image
Holistic web protection market to reach $3.63bn by 2025
Retail, banking and technology sectors are driving the global holistic web protection market, according to new findings from Frost and Sullivan. More
Story image
The current state of ransomware — and its future
Discoveries made by analysts at Sophos have unearthed a new development: ransomware code appears to have been shared across ‘families’, and some of the ransomware groups seemed to work in collaboration more than in competition with one another. More
Story image
Palo Alto Networks advances attack surface management with Expanse
"By integrating Expanse's attack surface management capabilities into Cortex after closing, we will be able to offer the first solution that combines the outside view of an organisation's attack surface with an inside view to proactively address all security threats."More
Story image
QNAP launches new desktop smart edge PoE switch
Includes 16 x 30-watt Gigabit PoE ports, 2 x 2.5GbE host management ports, Intel J4125 quad-core 2.0 GHz processor, and 4 x 3.5-inch SATA drive bays.More